feat: public.usr_root, public.grp_admins

2023-07-15 18:22:40 -04:00 · 2023-07-15 18:22:40 -04:00 · c83a4cece6
commit c83a4cece6
parent 1bf3d29863
10 changed files with 34 additions and 27 deletions
--- a/.gitea/workflows/migrate-devel.yml
+++ b/.gitea/workflows/migrate-devel.yml
@ -1,5 +1,5 @@
 name: 'migrate-devel'
-on: {push: {branches: ['main']}}
+on: {push: {tags: ['devel@*']}}

 jobs:
  migrate-devel:
--- a/.gitea/workflows/migrate-stage.yml
+++ b/.gitea/workflows/migrate-stage.yml
@ -1,5 +1,5 @@
 name: 'migrate-stage'
-on: {push: {branches: ['main']}}
+on: {push: {tags: ['stage@*']}}

 jobs:
  migrate-stage:
@ -9,7 +9,7 @@ jobs:
    steps:
      - uses: 'actions/checkout@v3'
        with: { fetch-depth: 0 }
-      - run: './scripts/migrate.sh --greenlight'
+      - run: './scripts/migrate.sh ${{ gitea.ref_name }} --greenlight'
        env:
          DOCKER_HOST: 'unix:///run/user/1001/docker.sock'
          POSTGRES_URI: '${{ secrets.POSTGRES_STAGE_URI }}'
--- a/schema/0100_usr.sql
+++ b/schema/0100_usr.sql
@ -57,6 +57,12 @@ create trigger insert_usr_default_discrim
 before insert on public.usr
 for each row execute function public.do_insert_usr_default_discrim();

+create function public.usr_root()
+  returns public.usr
+  stable
+  language sql
+  as $$select * from public.usr where tag = public.usr_tag_of_string('root')$$;
+
 insert into public.usr
  (tag, password, email)
 values
--- a/schema/0101_acting_usr.sql
+++ b/schema/0101_acting_usr.sql
@ -18,10 +18,7 @@ declare
  acting_usr public.usr;
 begin
  if nullif(current_setting('dnim.usr_uid', true), '') is null then
-    select u.*
-    from public.usr u
-    where u.tag = public.usr_tag_of_string('root')
-    into acting_usr;
+    acting_usr := public.usr_root();
  else 
    select u.*
    from public.usr u
--- a/schema/0300_grp.sql
+++ b/schema/0300_grp.sql
@ -10,6 +10,12 @@ create table public.grp
 insert into public.grp (tag)
 values (grp_tag_of_string('admins'));

+create function public.grp_admins()
+  returns public.grp
+  stable
+  language sql
+  as $$select * from public.grp where tag = public.grp_tag_of_string('admins')$$;
+
 create function public.do_grp_add_admins()
  returns trigger
  volatile
--- a/schema/0301_grp_usr.sql
+++ b/schema/0301_grp_usr.sql
@ -44,19 +44,8 @@ $$;
 create function public.grp_members_admins()
  returns setof public.usr
  stable
-  language plpgsql
-  as $$
-declare
-  gid int;
-begin
-  select g.id
-  from public.grp g
-  where g.tag = public.grp_tag_of_string('admins')
-  into gid;
-
-  return query select * from public.grp_members(gid);
-end;
-$$;
+  language sql
+  as $$select * from public.grp_members((public.grp_admins()).id)$$;

 create function public.grp_rm_member(from_grp int, rm_usr int)
  returns void
--- a/schema/0302_default_grps.sql
+++ b/schema/0302_default_grps.sql
@ -12,6 +12,12 @@ begin

  perform public.grp_add_member(to_grp => new_grp, add_usr => new.id);

+  update public.perm
+  set owner_user = public.usr_root()
+    , owner_group = public.grp_admins()
+  where path = '/groups/' || new_grp || '/members'
+     or path = '/groups/' || new_grp || '/tag';
+
  return null;
 end;
 $$;
--- a/schema/0400_perm.sql
+++ b/schema/0400_perm.sql
@ -16,8 +16,8 @@ declare
  root int;
  admins int;
 begin
-  select * from public.usr where tag = usr_tag_of_string('root') into root;
-  select * from public.grp where tag = grp_tag_of_string('admins') into admins;
+  root := (public.usr_root()).id;
+  admins := (public.grp_admins()).id;

  insert into public.perm
    (path, owner_user, owner_group, owner_user_mode, owner_group_mode, everyone_mode)
@ -33,7 +33,7 @@ create function do_insert_usr_perm() returns trigger language plpgsql as $$
 declare
  admins int;
 begin
-  select * from public.grp where tag = grp_tag_of_string('admins') into admins;
+  admins := public.grp_admins();

  insert into public.perm
    (path, owner_user, owner_group, owner_user_mode, owner_group_mode, everyone_mode)
@ -41,6 +41,7 @@ begin
    ('/users/' || NEW.id || '/tag', NEW.id, admins, 'w', 'w', 'r')
  , ('/users/' || NEW.id || '/email', NEW.id, admins, 'w', 'w', '-')
  , ('/users/' || NEW.id || '/deleted', NEW.id, admins, 'w', 'w', '-')
+  , ('/users/' || NEW.id || '/password', NEW.id, admins, 'w', 'w', '-')
  ;

  return new;
--- a/scripts/diff.sh
+++ b/scripts/diff.sh
@ -28,8 +28,10 @@ if [[ ! -f "$migration" ]]; then
  
  echo "migrate from $rev => HEAD" 1>&2

-  migra --unsafe $base_url $head_url > "$migration" \
+  echo "BEGIN" > "$migration"
+  migra --unsafe $base_url $head_url >> "$migration" \
    || echo "migra exited with code $?. this is /probably/ fine" 1>&2
+  echo "COMMIT;" > "$migration"
 fi

 echo "$migration"
--- a/scripts/migrate.sh
+++ b/scripts/migrate.sh
@ -9,7 +9,7 @@ if [[ -n $(git status --porcelain) ]]; then
  exit 1;
 fi

-head=$(git show --format=format:%h -q)
+to_tag="$1"

 get_dnim_database_count="copy (select count(*) from pg_database where datname = 'dnim') to stdout with null as '';"
 dnim_database_count=$(psql "$POSTGRES_URI/postgres" -c "$get_dnim_database_count")
@ -25,7 +25,7 @@ else
  last_revision=$(psql "$POSTGRES_URI/dnim" -c "$get_last_revision")
  migration_file=$(./scripts/diff.sh "$last_revision")

-  if [[ "$1" = "--greenlight" ]]; then
+  if [[ "$2" = "--greenlight" ]]; then
    psql "$POSTGRES_URI/dnim" -f "$migration_file"
  else
    echo "migration available at $migration_file"
@ -34,6 +34,6 @@ else
  fi
 fi

-insert_migration="insert into migration (from_revision, to_revision, script) values ('$last_revision', '$head', \$migration\$$script\$migration\$);"
+insert_migration="insert into migration (from_revision, to_revision, script) values ('$last_revision', '$to_tag', \$migration\$$script\$migration\$);"
 psql "$POSTGRES_URI/dnim" -c "$insert_migration"
 echo "inserted migration"